On Mon, 11 Jun 2001, Deocs Postmaster wrote:
The following is from my firewall log file:
Incoming:
06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80
Users,
The following is from my firewall log file:
Incoming:
06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:19:59 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] == 192.168.1.100[80]
06/11/2001 19:20:00 200.4.193.240[3268] ==
Users,
I see stray attempts in the log files to execute programs,
scripts, etc that I can only explain as someone attempting
to hack into my server. So far Apache has rewarded them
with 404's. My firewall logs shows all sorts of stray
hits against my IP.
(1) Are there established guidelines
Chris,
Take a look at this page and the prev_in_thread:
http://marc.theaimsgroup.com/?l=apache-modsslm=98585282000478w=2
Dave
At 10:29 AM 05/23/2001 , you wrote:
I'm sure this is documented somewhere, but I am unable to find it. I have
two IP-based vhosts, which I have configured for SSL. The
Kings,
I think this may be an SSL issue, see below.
The reason this is a problem is that the users of this system (the
authors) should not be expected to re-authenticate each and every time
they wish to view or manipulate common file types contained in the web
folders. Seems reasonable.
Kingsley,
Now I have the
pleasure of dealing with Microsoft's Web Folders implementation (a DAV
client) which re-asks for username/password way too often.
I am using web_dav on one of my sites, and it works quite well
from Microsoft's Web Folders. What do you mean:
re-asks for
Users,
Oops, I originated this question. As usual, the group promptly
provided a wide array of perspectives and technical insights.
How to change the signature:
(1) ServerTokens ProductOnly in the config file
(2) apache_src_dist/src/includes/httpd.h in the code
In the end its a configuration
Users,
From telnet this command returns the type of server,
installed modules, and other information. That info
is tabulated and tracked by www.netcraft.com (who also
infers the operating system) and can help an attacker
find a website's vulnerabilities.
Why is this information so openly
At 07:54 AM 05/07/2001 , you wrote:
Deocs Postmaster wrote:
From telnet HEAD / HTTP/1.0 returns the type of server,
installed modules, and other information.
Why is this information so openly disclosed, and is
there an easy way to disable or modify it?
Do you think hiding your apache
At 01:19 PM 04/25/2001 , you wrote:
Hi,
i am developing an application, where the server needs to authenticate the
client. On the client side i am using JSSE. On the server side i am using
Apache with openssl.
Can anyone tell me the step by step procedure, about
1. How to make the server request
Dave,
OK I am new to SSL and Apache, modlssl.
So, i can start with the client auth, using a browser first.
Can you please explain how you sign the client with your own ca cert?
Basically what are the steps that you need to do, to be a CA?
I find on the modssl guide, to use sign.sh but i am on
Jay,
Very good! I don't recall the .RND file or pass phrase
details. Deleting the pass phrase is optional, but I
don't know what the issues are. I just followed the
instructions, it worked, I was happy.
The instructions have the file being named .CERT I noticed
that if I name them .CER then
Can you all help me to find pristine, untouched install.exes for obsolete
56-bit versions of NS and IE?
This link has links to archived NS browsers:
http://home.netscape.com/download/archive.html
I avoid IE as much as possible, but I think you may be able to
find old versions of IE on
LoadModule ssl_module modules/mod_ssl.so
the server will not start and tells me: "Cannot load
c:/apache/modules/mod_ssl.so (182)"
If I hide the SSL files from the execution path I get a similar
error(126) when I try to run Apache with SSL. The SSL files are:
ssleay32.dll
libeay32.dll
Hi
I'm having trouble with the installation of the
Apache_1.3.19-Mod_SSL_2.8.2-OpenSSL_0.9.6-WIN32.zip
The file was downloaded from the contribution area.
When starting the apache I got a message:
"Syntax error on line 205 of c:/java/tools/apache/conf/httpd.conf:
Cannot load
At 02:51 AM 03/26/2001 , you wrote:
David Rees wrote:
Please read the FAQ.
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
This question comes up so often it should be in the .sig of the list!
Either nobody ever reads the FAQ (quite probable) or the FAQ entry is
rathe hard to
Users,
I found this in my access log this morning. The server is
Apache-1.3.19+mod_ssl-2.8.1 with mod_dav under Win2K
and hosts both HTTP and HTTPS.
63.251.5.48 - - [22/Mar/2001:05:40:58 -0500] "GET
http://www.yahoo.com/index.html HTTP/1.1" 200 1048
Has anyone else seen this, or know what
Hi,
What has happened is that someone has telneted into your web server and
issued a get command. AFAIK no great mischief can be done by this. I believe
that I'm correct in saying that this is a feature of apache.
Try it for yourself.
I have a test server called testweb, if I do the following
I have noticed that both my HTTP, but mostly my HTTPS
web pages fail on larger files when I am accessing
them from within the my LAN. The problem seems worse
if go through the domain name (www.server.com) than
if I use the IP (192.168..) directly. I attributed
that to a TCP/IP packet problem.
Jay,
I have mod_ssl working with Apache. I started with the
OpenSSL csr-cert route, and that worked fine. Then I
went the "free" Thawte csr-cert route. That worked
from Netscape and IE, but not when the client was Java.
I found a note in the Java User's Group saying Java had
a problem with
et al,
If you haven't see these pages:
This page has numerous generic Apache examples.
http://httpd.apache.org/docs/vhosts/examples.html
The mod_ssl documentation has some info as well
http://www.modssl.org/docs/2.8/ssl_howto.html
http://www.modssl.org/docs/2.8/ssl_faq.html
Dave
At 10:37 AM
benr,
Following is from a Win32 httpd.conf file that is running
1.3.19 and 2.8.1. I created the certificates using the openssl
tools, and this has worked very well for https: from Netscape.
It has fewer configuration lines than your email, so hopefully
it has some clue to work from. This
I originated the message below, and the problem appears
to have been from the firewall. More testing revealed
that it worked from https:/127.. and https://192.. The
error only occurred through the domain name. I had seen
this before, and have since upgraded the firewall and all
is well.
At
At 10:55 PM 03/04/2001 , you wrote:
Over my head, and apparently our web master also. We have mod_ssl running
on a linux box. Netscape usually works. IE 4 doesn't load all the
references (graphics and .js fils) that means it loads SOME and they are
all referenced the same. Hit refresh and
At 02:37 AM 03/06/2001 , you wrote:
Hi,
When I run configure.bat to patch apache with modssl, it show error msg
Global symbol "$first2" requires explicit package name at configure.bat
line 269.
BEGIN not safe after errors--compilation aborted at configure.bat line 283.
This information
Jeff,
Thanks for idea. I set up httpd.conf with:
KeepAlive Off
The other browser settings don't look for DavExplorer,
so I don't think its getting turned on later.
DavExplorer fails the same with KeepAlive off, but I
did see some other error messages that point to timeouts
and socket
[EMAIL PROTECTED],
I am using the following:
Apache_1.3.19
mod_ssl_2.8.1
mod_dav_1.1.0
openssl_0.9.6
Windows 2K
At mod_dav's request, I recompiled it with EAPI enabled.
When I SSL upload large files (~1MB) from a WebDAV client to the
web server, it fails and I get this error line in
At 06:18 AM 3/9/01 , you wrote:
Oops! I had the name for file (2) wrong, I think this is correct:
The Apache_1.3.19 and modssl_2.8.1 source file from March 3
needs the following from the CVSWeb:
(1) [modssl] / mod_ssl / pkg.mod_ssl / configure.bat
(2) [modssl] / mod_ssl / pkg.mod_ssl
At 07:33 AM 3/9/01 , you wrote:
How far did you make it through INSTALL.Win32 before it failed?
Up to the build process, it crashed on mod_ssl.c. I downloaded
the 2.8.1 distribution and fetched the files you listed from CVSweb,
replaced them and started the build process. Perhaps you can
send
The Apache_1.3.19 and modssl_2.8.1 source file from March 3
needs the following from the CVSWeb:
(1) [modssl] / mod_ssl / pkg.mod_ssl / configure.bat
(2) [modssl] / mod_ssl / pkg.mod_ssl / pkg.sslmod / Makefile.w32
At 03:36 PM 03/08/2001 , you wrote:
can someone put a precompiled version of
Oops! I had the name for file (2) wrong, I think this is correct:
The Apache_1.3.19 and modssl_2.8.1 source file from March 3
needs the following from the CVSWeb:
(1) [modssl] / mod_ssl / pkg.mod_ssl / configure.bat
(2) [modssl] / mod_ssl / pkg.mod_ssl / pkg.sslmod / Makefile.win32
At 03:36
31 matches
Mail list logo
